According to experts from UpGuard Cyber, 73 GB of downloaded data online has exposed by Washington Internet Service Provider (ISP) Pocket iNet accidently. This information includes corporate data like AWS secret keys of IPS’s users or employees and user name & password in plain text format.
This report claims about Misconfiguration of Amazon S3 storage results in data exposure. It made all the data information vulnerable for Cyber crooks and allows them to access these data. They keep record of all information including user name & password in plain text and other data as well. It took seven days of company before the Pocket iNet safeguard the exposure.
ISP (Internet Service Provider) claims that the company uses the latest technologies to provide service. They write on official website that “Pocket iNet makes use of bleeding edge and emerging technologies such as native IPv6, Carrier Ethernet and local fiber to the premise delivering the highest possible service levels to connected customers”. While Company provides excellent service worldwide that is beneficial for business and individuals as well. Company should put some resources to protect their data or provide security regarding data.
“Data Exposure” results might be panics if the data accessed by Cyber criminals:
UpGuard technical expert has identified in 11th October that exposed bucket of 73 GB of data named “Pinapp2” and they realized that bucket related to Pocket iNet ISP. The Information includes spreadsheets, Pictures, plain text user name & password,, diagrams, inventory lists and more details as well. After that, security experts immediately contact the company to notify about “data exposure” via telephone number, email ID and other media. Cyber criminals are behind such illegal tactics and their prime target is to expose data of ISPs that are part of US critical Infrastructure. It takes seven days in such activates until data will finally exposed or preventing anyone from accessing it.
The most noticeable factors was that spreadsheets which has no password with user name root or admin which makes easy for attacks to control on System’s assets and results in data exposure of company.
UpGuard Researchers Statement, “Documents containing long lists of administrative passwords may be convenient for operations, but they create single points of total risk, where the compromise of one document can have severe and extensive effects throughout the entire business.”
Companies should be careful about their corporate data and make sure not such buckets are exposed:
According to experts, it is not first time that Amazon S3 bucket was accidently exposed. In past months or in this year, data Firm “LocalBlox” which has unprotected 1.2 TB files and AWS error was disclose internal information of hosting provider “GoDaddy” in summer 2018.
Pocket iNet company as well many other company technologies company must realize that risks and try to reduce the possibility of such type of data exposure, protecting the business and individual data as well.